General
-
Target
Sًolara (solara).zip
-
Size
57.4MB
-
Sample
240924-h6mt9avhnl
-
MD5
f7b5e7b48233a00d95db46ab8fd288e0
-
SHA1
d3fd89134630c5b68fae261a31d7c4d09ae3a42b
-
SHA256
9219fc77d57606ceb9b764f0edbabfd8cb6a9b6d1e24e1b32ffc6e059f4fa0d1
-
SHA512
f75de9b81f9b99ca1adde708c23cb1a457291a713893bd78baa31aa4e189396272452ff5cd8101c362b23fd2a8473d916604526f60b7158b51d6c1f96b379c8e
-
SSDEEP
786432:D+Mp0V8HZOLNf7riTFsMCz6YmxbSsFRIOZmoTE1GUCp7Fvg5CH6R/4TCLO+J9HvH:b6V8El7u5bYmxbXZ9446Nvh6/9dpOT
Behavioral task
behavioral1
Sample
Solara/Solara.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Solara/Solara.exe
-
Size
310KB
-
MD5
1e181be6e908e79fee9731a069aaabee
-
SHA1
29380123f713099837cde30d3f29346cf2d7912e
-
SHA256
cbe50981fad560cd0b69085df56181bacecb067458d5f4c531c4e6c5942f8d51
-
SHA512
2ad0db04847aa0bbbf48b0bd26866baa3bc53a86d37f621c3a6b33fa115965a15c6f5d8536676bc7afa1b58785fe5728b19b4c95372432dba66e5e70f1c42f4c
-
SSDEEP
6144:7bKDUycO672Zl2Iik4BD2N2oGEq7GmbLvrp1VDs:7bKgc675JJoq7GmbXp1VD
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-